A Day in the Life of Privacy

Everyday we Make Compromises in the Face of Privacy, and None of us Have as Much Privacy as we Want.

As soon as I woke up this morning my privacy was compromised. My Android phone has GPS enabled so that the phone, and any widget on it, can determine my geolocation. I am pretty careful about checking the permissions on the widgets I install, but not everyone is, and even I am capable of making errors. My daughter was once checking permissions on a screen saver and found that the “coarse location” was one of the permissions requested. Can you imagine a single valid reason that a screen saver would need your location?

Neither could I.

Go Google “TaintDroid” for all the gory details, but a joint study by Intel Labs, Penn State, and Duke University reviewed 30 “popular” widgets. 15 of those widgets were found to gather and send users’ geolocation information to remote advertising servers, and seven sent phone identifier information, including the phone number and SIM card serial numbers to developers. A small sample size, but the percentages are staggering.

After breakfast, it was time for me to travel so I got in my car and drove downtown. Simple enough, right? Except for my car’s OnStar system. Although I let the free subscription run out after my first year, according to OnStar they are working out details to monitor the system even if I am no longer a subscriber. As it is, OnStar has the ability to track geolocation of my car at any time, as well as gather diagnostic information, including the speeds at which I have been driving my vehicle. According to OnStar they can share that information with law enforcement, credit card processors, and others – apparently I agreed to this when I signed my initial OnStar agreement. Hmm. I must have missed that paragraph. You can opt out of all data collection, but you have to contact OnStar directly yourself.

As I got downtown, I drove through an intersection that was monitored by a red-light camera. I am not sure that I like the idea of automated systems taking my picture, but since the light was green it theoretically did not take any pictures of me. But, these are the same types of cameras that reported a photograph of a friend running a red light, while that friend was actually out of town and his car was parked at the airport parking garage. Just sayin’…

I got downtown way easier than I had thought – thinking “better 30 minutes early than a minute late” had gotten me there 45 minutes before my meeting, so I stopped for coffee first. I opened my iPad at the coffee shop, and checked up on email and local news. I chuckled about the fact that the coffee shop had four wireless networks available. Although I knew that the one labeled “free internet access” was not the shop’s wireless network, I wondered how many of the other 20 or so people in the coffee shop had picked that one since it was the first one in the list of available networks. I connected to email via https session. If you have not read anything about wireshark (or fireshark for Firefox) you should. A person with malevolent intent can use wireshark to sniff your wireless packets, and grab cookies and other information from out of the air. You could, for instance, be logged onto Facebook, and they can sniff your authentication cookies, and use your Facebook account, effectively impersonating you, and Facebook would have no idea. That is, unless you have enabled “secure browsing,” so you can connect to Facebook through an https connection. Did you know, the “s” means that it is encrypted, and thus protected from sniffing? Enable this at account settings/security/secure browsing after you log onto Facebook.

I then drove into the parking garage, and found it interesting that they had a camera mounted above the ticket dispenser. From that angle and distance they could get clear images of both my license plate and my face as I took the ticket. Deep down I know this shouldn’t mean anything, but it made me feel like I should be covering my license and face.

The company I met with was using facial recognition for authentication to access their high security areas. I thought it was pretty cool, but it made me think of other facial recognition tools like Recognizr or AugmentedID by the Astonishing Tribe, or the MORIS system used by law enforcement. MORIS (Mobile Offender Recognition and Identification System) uses fingerprint and facial recognition software on an iPhone in conjunction with a fingerprint reader and the iPhone’s camera to identify someone in law enforcement databases. AugmentedID will let you take a picture of someone with your phone, and the app will search its database for a matching face. It seems like this is only a small step away from being able to search Facebook and other Social Media for matching photos, potentially matching a stranger to their social accounts, identifying the person by name, all based on a picture. This is coming—it’s only a matter of time. Stalker heaven is on its way.

After my meeting, I stopped at the store and picked up the newest X-Men movie that had just come out on blu-ray. During the purchase, the clerk asked for my zip code. Ostensibly, the purpose of the zip code would be to help authorize my credit card, but in reality, the zip code is most likely used in combination with my identifying information from my credit card, and matched with my name/address and my purchase. Maybe they are not using my credit card details, but that doesn’t mean they aren’t pulling my name off the card. The retailer then has this information available for additional marketing efforts, including targeted ads, as well as selling the information to other retailers. Now, if the consumer’s name is “Bill Smith” the retailer may have a hard time finding that address, but with a name like mine it is a piece of cake. Personally, I politely declined to give up my zip code – all three times I was asked for it. For reference, in California it is now illegal for a retailer to ask for your zip code with most credit card purchases.

Then I stopped for groceries since we did not have everything for supper (coffee blackened steak with Cabernet reduction and rosemary-thyme roasted potatoes). I paid for everything on the fingerprint reader at the register that is tied to my credit card information on file at the store. So, yes, the grocery store has my credit card information and records of all my grocery purchases, along with my name and address.

Now, if I had an iPhone, I might worry about the detailed geolocation data that Apple is storing on my device – for as long as a year originally, but limited to a week in an update. The issue is that the device still gathers and stores the information locally. By all appearances, the information never leaves the phone, and is only used by your phone, on your phone. But that assumes we don’t have any Apple Apps looking for this information and passing it on like we already know is done by some Android widgets.

After groceries, I stopped for a drink, and my friend checked us in with Foursquare. Easy enough, he updated his location with his own phone. The good news about Foursquare is that it does not actively track your location. You have to explicitly “check-in”. Now, that didn’t stop him from checking in with me. It made me wonder if law enforcement officials watch things like Foursquare to help identify parties that may include considerable consumption of alcoholic beverages. I think I would. Since I was behind the wheel, I enjoyed my soda and drove home – drinking and driving is not my thing:

Jon H. in Minneapolis

Not enjoying my stay @ Hennepin County lockup

Facebook did away with “Places” but they still support location services with features that let you share “Where you’ve been,” “Where you are now,” and “Where you’re going.” By default, Facebook locations are turned on for all posts, but you can turn them off at any time. Using geolocation features like those from Foursquare and Facebook are completely voluntary, and you have control over whether you share anything at all. You are in control, but you have to exercise that control, since you can also define who has access to see your location information. If you leave your viewable information as “Public”, be aware that anyone who has access to your posts can see where you are, as in “not home.” At this point you should go check out PleaseRobMe.com, if you have not done so already.

My friend also checked me in with Facebook. Note that, by default, your Facebook account is configured to allow someone else to post your location. You can limit this by turning on “Profile (Timeline) Review.” This will let you approve or reject posts in which you have been tagged before they go on your timeline. Unfortunately, I had not changed my settings since Facebook’s latest update, so, yes, I also had my location posted up on Facebook as well, that I was at a pub with a senior employee of my one of my company’s competitors – like I really wanted that obvious. While, technically, sharing my geolocation information is voluntary, the only reason I really shared it was because I had not yet changed the default settings.

Some of my privacy concerns are small, and some are larger. Some are personal preference. My point is that everyday, all day, we make compromises in the face of privacy, and that, in reality, probably none of us have as much privacy as we want.

Jon-Louis Heimerl is Director of Strategic Security for Omaha-based Solutionary, Inc., a provider of managed security solutions, compliance and security measurement, and security consulting services. Mr. Heimerl has over 25 years of experience in security and security programs, and his background includes everything from writing device drivers in assembler to running a world-wide network operation center for the US Government. Mr. Heimerl has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. Mr. Heimerl's consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises.